CAS-001 Question #236: Real Exam Question with Answer & Explanation

The correct answer is C: Only access hosts through a secure management interface.. The virtual host (hypervisor) is the most privileged layer in a virtualized environment - compromising it compromises every guest VM on top of it. C (only access hosts through a secure management interface) ensures that all administrative access to the hypervisor is channeled thr

Question

An administrator wants to virtualize the company's web servers, application servers, and database servers. Which of the following should be done to secure the virtual host machines? (Select TWO).

Options

AEstablish VLANs for each virtual guest's NIC on the virtual switch.
BEnable virtual switch layer 2 security precautions.
COnly access hosts through a secure management interface.
DDistribute guests to hosts by application role or trust zone.
ERestrict physical and network access to the host console.

Explanation

The virtual host (hypervisor) is the most privileged layer in a virtualized environment - compromising it compromises every guest VM on top of it. C (only access hosts through a secure management interface) ensures that all administrative access to the hypervisor is channeled through a dedicated, hardened, and audited interface, preventing direct or ad-hoc access. E (restrict physical and network access to the host console) limits who can reach the hypervisor at the hardware and network level, reducing the exposure to both physical and remote attacks. Options A and B address virtual switch and network security for guest VMs - important, but they protect guest-to-guest traffic, not the host itself. Option D (distributing guests by trust zone) is a good isolation practice but is an architectural decision about guest placement, not a direct host-security control.

Community Discussion

No community discussion yet for this question.

Full CAS-001 Practice